Xanga 2.0 is Here!

The servers have been stable for a while now, and we're starting to shift gears to looking into features. Our biggest effort has been around researching themes systems, so we can upgrade Xanga’s default theme system to be more flexible and powerful. Here’s what we’ve learned:

* Mobile-friendliness: Providing a mobile-friendly version of themes is key. A key question is how similar the mobile theme should be to the desktop theme. A lot of themes out there don’t have any similarities at all - it can be tough to make mobile and desktop themes match.

* Header editing: A lot of people want to be able to do something basic, like edit the header area without having to touch any code. Bonus points for being able to easily upload a header image!

* Module editing: Another common feature request is the ability to add and edit modules with basic HTML.

* One theme versus lots of them: With all the features to support, it’s better to have one theme versus lots of them. That means that the one theme has to be pretty flexible though, which is a bit tricky.

* Tradeoff between Flexibility versus Ease-of-Use: It’s easy to provide flexibility by itself, but hard to provide a flexible theme that’s easy to configure and doesn’t require knowledge of HTML/CSS.

* Security: We’ve looked at a lot of the themes out there, and many of them have huge security holes in them, so that people’s data can be easily compromised! This has ruled out a lot of the turnkey solutions out there, alas.

We’re currently researching theme systems out there, and seeing how they do against these criteria! Let us know if there are any theme systems out there you’d like us to look at, and we can share our thoughts/evaluations in our next post.

We’ve been experiencing some higher levels of bot traffic on Xanga lately, which have been keeping us very busy. Bot traffic can cause the servers to get slower (or worse, to be inaccessible), so we wanted to share an update on what's going on and what we've been doing to address it.

1. LOTS OF BOTS

There are a growing number of "web crawler" bots that are trying to crawl our site, and sites in general. As Wikipedia puts it, “a Web crawler is an Internet bot that systematically browses the World Wide Web, typically for the purpose of Web indexing.”

It used to be that only large search engines like Google or Bing could afford to buy lots of servers and storage, and crawl websites. But the rates for servers/storage have come down a lot lately, and we’ve noticed a big increase in bots and web crawlers. Social media is also a big contributor: every time someone pins a post, Pinterest sends a bot to crawl the page being pinned. With all the pinning going on these days, Pinterest is sending a lot of bots out there into the world!

As a result of all this, bot traffic is way up on the web and it’s been putting a strain on our servers. We should be fine for now - and when bot traffic gets especially bad, we tweak our network settings to prevent the bots from overloading the servers.

Server maintenance is proving to be a lot of work though, so we’re looking find other ways to address the surge in bot traffic.

2. DDOS

We experience Denial-of-Service attacks from time to time as well. (“In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.” - Wikipedia)

Recently we were the inadvertent target of a DDoS attack on our servers. Our webhost had a bunch of random servers compromised by a security vulnerability known as Shellshock. Our servers were not compromised (we had patched them immediately after the security vulnerability came to light), but some hackers used the other compromised servers to attack another set of servers on our web host.

Even though we weren’t directly attacked, the compromised servers caused significant congestion on our webhost’s network - and that congestion caused our servers to be unable to reach the Internet. So Xanga went down for about 2 hours.

By the time we had figured out what was going on, the webhost had resolved the issue on their end. And with some server tweaks on our end, we were able to once again get out servers connected to the Internet. Our webhost has made changes to make sure that this won't happen again, and we will continue to monitor for server vulnerabilities so we can keep our servers safe.

———

Just wanted to share a little bit about the sort of server maintenance we’ve been doing a lot of lately. Next up, we’re pulling together our thoughts on some of the top feature requests, starting with how we might upgrade our customizable theme system.

We want to thank everyone for being there for us. Without your involvement, we wouldn't be where we are today.

Here are a few of the things that we've been working on over this past year:

* We built out a new server system, and migrated thousands of websites over to the new servers
* We fought off ongoing DDOS and brute password attacks that were slowing the site down
* We've made further upgrades to our server setup over the past six months, to use new more powerful servers as they became available.
* We're planning one more server upgrade later this year, to take advantage of better and cheaper server systems that have become available.

One area where we've dropped the ball is providing updates on all of the above. Initially we were fighting off the DDOS attacks, and didn't want to tip off our attackers on our progress. So we focused on talking to our users one at a time, through our email support and help forums.

But more recently, we've largely defeated the ongoing DDOS and password attacks. The site has been up and stable, and we're gearing up to make the further upgrades mentioned above. We'll be providing more regular updates and communication, both on this blog and also on our Facebook page.

So we're working to communicate more regularly, and to start building the community teams that we mentioned earlier. First up: we've asked Joel of edlives.xanga.com to serve as a community liaison. You can reach him at his blog at edlives.xanga.com, or through Xanga's facebook page at http://www.facebook.com/xanga. We will have a regular call with Joel to discuss feedback and ideas.

We're also going to be working together to pull together a list of other areas where we could use help. If any come to mind, please let us know and we'll discuss it with Joel in our next call! And as a thank you for sticking with us, we're offering 6 months of free blog hosting to all of our paid members. Just email Eugenia at help@xanga.net, and she'll add it the extra months to your account!

Thank you for sticking with us over the past year. We're looking forward to working together to build Xanga in the coming year.

I mentioned previously that we've migrated all Premium users and campaign contributors over to the Xanga 2.0 servers.

In addition, we also have prepared downloadable archives for the ~2 million Xanga blogs saved on our servers... specifically:

* We generated blog archives for every Xangan who has signed into the site in the past 5 years, as long as they have more than two subscribers (to rule out spam).
* We also generated blog archives for every Xangan who has signed into the site in the past year, and has at least ten blogs overall.

We are currently working to make these archives available asap to all of our users (for free, of course). We've been working on this all day, and hope to have it available soon. There will be two ways to retrieve your data.

1) Once we launch this feature, you will be able to sign into Xanga and download the archive (for free) from the link at the top of your dashboard, or

2) Upgrade to Xanga 2.0 and we will upgrade your blog to the new servers using the data in the backup.

Let me know if you have any questions!

ps We've been tuning the servers all day to run faster... let us know if you can feel a difference in the site speed!

You can use the same username and password that you're used to, and it should work!

2. CHECK OUT YOUR BLOG

If you are premium or participated in our Xanga 2.0 campaign, your blog should be in the same location! For example, my blog is here:http://john.xanga.com

If your blog appears, you should be able to go to your dashboard and start blogging! Your blog should even look similar to your old theme. (If it looks a bit off, let us know here and we'll take a look!)http://help.xanga.com/forum/themes

Either way, you should be able to check out your Reading page under your dashboard!

It's a great way to find updates from your subs and friends! Speaking of which, we made some name changes related to subs and friends, to help make it a bit simpler and more intuitive... you can read about the name tweaks here!

ps Thanks for your patience everyone... we will find a way to make it up to you!!

pps We are now officially in phase 2 (of four) of the Xanga 2.0 launch!

The next month or two of work on Xanga 2.0 is going to be busy, so we wanted to share with everyone a roadmap of how we’re thinking about things... if you're interested, you can read more details about the 4 phases here